US2024111907A1PendingUtilityA1

A device and a communication method

Assignee: NCIPHER SECURITY LTDPriority: Jan 15, 2021Filed: Jan 13, 2022Published: Apr 4, 2024
Est. expiryJan 15, 2041(~14.5 yrs left)· nominal 20-yr term from priority
Inventors:Ian Harvey
G06F 21/72H04L 9/0825H04L 9/0877H04L 9/0897H04L 9/14H04L 9/3263
43
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A device comprising: an input; a memory; and a processor module; configured to: store information in the memory defining a first isolated environment associated with a first user; responsive to a request received through the input, run the first isolated environment; authenticate the first user in the first isolated environment and, if the first user is authenticated, establish a first secure connection with the first user in the first isolated environment; and responsive to a user command received over the first secure connection; execute, in the first isolated environment, a first operation corresponding to the user command.

Claims

exact text as granted — not AI-modified
1 . A device comprising:
 an input;   a memory; and   a processor module, configured to:
 store information in the memory defining a first isolated environment associated with a first user; 
 responsive to a request received through the input, run the first isolated environment; 
 authenticate the first user in the first isolated environment and, if the first user is authenticated, establish a first secure connection with the first user in the first isolated environment; and 
 responsive to a user command received over the first secure connection, execute, in the first isolated environment, a first operation corresponding to the user command. 
   
     
     
         2 . The device according to  claim 1 , wherein the first operation comprises at least one of: cryptographic key generation, cryptographic key derivation, performing an encryption operation; performing a decryption operation and performing a digital signature operation. 
     
     
         3 . The device according to  claim 2 , wherein a first master key associated with the first user is stored in the information in the memory defining the first isolated environment, wherein the first operation is executed using a first application key, and wherein the first application key is retrieved using the first master key. 
     
     
         4 . The device according to  claim 1 , wherein a first public key is stored in the information in the memory defining the first isolation environment, the first public key being part of a first key pair comprising the first public key and a first private key associated with the first user. 
     
     
         5 . The device according to  claim 4 , wherein a second private key is stored in the information in the memory defining the first isolated environment, the second private key being part of a second key pair comprising the second private key and a second public key. 
     
     
         6 . The device according to  claim 5 , wherein authenticating the first user and establishing the first secure connection comprises:
 receiving a communication comprising a first signature from the first user;   validating, in the first isolated environment, the first signature using the first public key;   generating a second signature using the second private key in the first isolated environment;   sending a communication comprising the second signature to the first user.   
     
     
         7 . The device according to  claim 6 , wherein authenticating the first user and establishing the first secure connection further comprises:
 encrypting a third key using the first public key in the first isolated environment and sending the encrypted third key to the first user, or receiving an encrypted third key from the first user at the first isolated environment and decrypting the encrypted third key using the second private key;   wherein the third key is used to encrypt communications between the first user and the first isolated environment thus providing the first secure connection.   
     
     
         8 . The device according to  claim 1 , wherein the information in the memory defining the first isolated environment comprises information identifying program instructions which, when executed, cause the processor to perform the first operation. 
     
     
         9 . The device according to  claim 8 , wherein a first version of the program instructions and a second version of the program instructions are stored in the memory, and wherein the information identifying the program instructions comprises an indication of the first version. 
     
     
         10 . The device according to  claim 1 , wherein the processor module is further configured to:
 store information in the memory defining a second isolated environment associated with a second user;   responsive to a request received through the input, run the second isolated environment;   authenticate the second user in the second isolated environment and, if the second user is authenticated, establish a second secure connection with the second user in the second isolated environment; and   responsive to a user command received over the second secure connection, execute, in the second isolated environment, a second operation corresponding to the user command.   
     
     
         11 . The device according to  claim 1 , wherein the information stored in the memory defining the first isolated environment associated with the first user comprises an encrypted file. 
     
     
         12 . A system comprising the device according to  claim 4 , and a first user device, wherein the first user device operates a shielded virtual machine, and wherein the first private key is stored in the shielded virtual machine. 
     
     
         13 . A method of communication, comprising:
 running a first isolated environment corresponding to a first user on a device in response to receiving a request;   authenticating the first user in the first isolated environment and, if the first user is authenticated, establishing a first secure connection with the first user in the first isolated environment;   receiving a user command over the first secure connection; and   executing, in the first isolated environment, a first operation corresponding to the user command.   
     
     
         14 . A method of creating an isolated environment, comprising:
 receiving a request to create an isolated environment associated with a first user;   creating the first isolated environment associated with the first user;   establishing a secure connection with the first user in the first isolated environment;   receiving information allowing performance of one or more operations in relation to the first user over the secure connection.   
     
     
         15 . A non-transitory computer readable storage medium comprising computer readable code configured to cause a computer to perform the method of  claim 13 . 
     
     
         16 . A non-transitory computer readable storage medium comprising computer readable code configured to cause a computer to perform the method of  claim 14 .

Join the waitlist — get patent alerts

Track US2024111907A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.